Add MaybeDangling to core
#149775
Add MaybeDangling to core
#149775
Conversation
rustbot
added
S-waiting-on-author
rustbot
added
S-waiting-on-review
This comment has been minimized.
This comment has been minimized.
|
The Miri subtree was changed cc @rust-lang/miri |
This comment has been minimized.
This comment has been minimized.
This comment was marked as resolved.
This comment was marked as resolved.
rustbot
added
has-merge-commits
Co-authored-by: Ralf Jung <[email protected]>
Now that `MaybeUninit` contains `ManuallyDrop` which contains `MaybeDangling` (tbc this is the addition), we need to unwrap one more layer
WaffleLapkin
force-pushed
the
core-mem-maybe-dangling
branch
from
c7db108 to
95eee60
Compare
|
This PR was rebased onto a different main commit. Here's a range-diff highlighting what actually changed. Rebasing is a normal part of keeping PRs up to date, so no action is needed—this note is just to help reviewers. |
rustbot
removed
S-waiting-on-author
| /// | ||
| /// Even though the `Box`e's destructor is not run (and thus we don't have a double free bug), this | ||
| /// code is still UB. This is because when moving `boxed` into `forget`, its validity invariants | ||
| /// are asserted, causing UB since the `Box` is dangling. |
There was a problem hiding this comment.
Maybe worth clarifying, e.g., "The safety comment is as such wrong, as moving the boxed variable as part of the call is a use"?
| /// **not** dangling -- functions like [`as_ref`] and [`into_inner`] are safe. It is not sound to | ||
| /// return a dangling reference in a `MaybeDangling` to safe code. However, it *is* sound | ||
| /// to hold such values internally inside your code -- and there's no way to do that without | ||
| /// this type. |
There was a problem hiding this comment.
It sounds like there are alternatives to this type, though, right? Is it worth saying something about ManuallyDrop or some other construct that's already stable?
| /// (and [boxes]) still must be aligned and non-null. | ||
| /// | ||
| /// Additionally note that safe code can still assume that the inner value in a `MaybeDangling` is | ||
| /// **not** dangling -- functions like [`as_ref`] and [`into_inner`] are safe. It is not sound to |
There was a problem hiding this comment.
How do we deal with the implicit Drop for the inner type? Should callers who place e.g. a dangling Box inside just be careful to call forget rather than letting it Drop?
|
|
||
| use crate::{mem, ptr}; | ||
|
|
||
| /// Allows wrapped [references] and [boxes] to dangle. |
There was a problem hiding this comment.
Can we add a "Not yet actually implemented" or perhaps make maybe_dangling an incomplete lang feature? I worry a bit that as of this PR, from what I can tell, this is UB to use as documented, right? Since the compiler bits aren't there yet.
5 participants
This is the library part of adding
MaybeDangling. Note that it doesn't actually do anything described in its docs (yet), I'll make a separate PR for that.Tracking issue: #118166.
r? libs
cc @RalfJung